infinite_asshole comments on Closet survey #1 - Less Wrong

53 [deleted] 14 March 2009 07:51AM

Comments (653)

Comment author: infinite_asshole 16 March 2009 03:05:31AM * 1 point

I don't agree with it. You can't believe everything you read in Wired. The "information should be free" movement is just modern techno-geek Marxism, and it's only sillier the second time around.

People and companies exposing buggy software to untrusted parties deserve to have it exploited to their disadvantage. Maliciously attacking software systems by submitting data crafted to trigger security-critical bugs should not be illegal in any way.

All software is buggy. All parties are untrusted.

Comment author: Sebastian_Hagen 16 March 2009 09:22:55AM * 7 points

All software is buggy.

That may be so now, but that doesn't mean it's impossible to change it. That the current default state for software is "likely insecure" reflects the fact that the market price for software security is lower than the cost of providing it.

Laws against software attacks raise the cost of performing such attacks, and therefore lower the incentives for people to ensure the software they use is secure. I think it would be worth a try to take that illegality away, and see if the market responds by coming up with ways to make software secure.

You can't get really good physical security without expending huge amounts of resources: physical security doesn't scale well. Software security is different in principle: If you get it right, it doesn't matter how many resources an attacker can get to try and subvert your system over a data channel - they won't succeed.